Proxy Minion for Cisco NX OS Switches
The Cisco NX OS Proxy Minion uses the built in SSHConnection module in salt.utils.vt_helper
To configure the proxy minion:
proxy:
proxytype: nxos
host: 192.168.187.100
username: admin
password: admin
prompt_name: switch
ssh_args: '-o PubkeyAuthentication=no'
key_accept: True
(REQUIRED) Use this proxy minion nxos
(REQUIRED) ip address or hostname to connect to
(REQUIRED) username to login with
(REQUIRED) password to use to login with
(REQUIRED, this or prompt_regex below, but not both) The name in the prompt on the switch. Recommended to use your device's hostname.
(REQUIRED, this or prompt_name above, but not both) A regular expression that matches the prompt on the switch and any other possible prompt at which you need the proxy minion to continue sending input. This feature was specifically developed for situations where the switch may ask for confirmation. prompt_name above would not match these, and so the session would timeout.
Example:
dc01-switch-01#.*|\(y\/n\)\?.*
This should match
dc01-switch-01#
or
Flash complete. Reboot this switch (y/n)? [n]
If neither prompt_name nor prompt_regex is specified the prompt will be defaulted to
.+#$
which should match any number of characters followed by a # at the end of the line. This may be far too liberal for most installations.
Any extra args to use to connect to the switch.
Whether or not to accept a the host key of the switch on initial login. Defaults to False.
The functions from the proxy minion can be run from the salt commandline using
the salt.modules.nxos
execution module.
salt.proxy.nxos.
add_config
(lines)¶Add one or more config lines to the switch running config
salt '*' nxos.cmd add_config 'snmp-server community TESTSTRINGHERE group network-operator'
Note
For more than one config added per command, lines should be a list.
salt.proxy.nxos.
check_password
(username, password, encrypted=False)¶Check if passed password is the one assigned to user
salt '*' nxos.cmd check_password username=admin password=admin
salt '*' nxos.cmd check_password username=admin \
password='$5$2fWwO2vK$s7.Hr3YltMNHuhywQQ3nfOd.gAPHgs3SOBYYdGT3E.A' \
encrypted=True
salt.proxy.nxos.
check_role
(username, role)¶Check if user is assigned a specific role on switch
salt '*' nxos.cmd check_role username=admin role=network-admin
salt.proxy.nxos.
delete_config
(lines)¶Delete one or more config lines to the switch running config
salt '*' nxos.cmd delete_config 'snmp-server community TESTSTRINGHERE group network-operator'
Note
For more than one config deleted per command, lines should be a list.
salt.proxy.nxos.
find
(pattern)¶Find all instances where the pattern is in the running command
salt '*' nxos.cmd find '^snmp-server.*$'
Note
This uses the re.MULTILINE regex format for python, and runs the regex against the whole show_run output.
salt.proxy.nxos.
get_roles
(username)¶Get roles that the username is assigned from switch
salt '*' nxos.cmd get_roles username=admin
salt.proxy.nxos.
get_user
(username)¶Get username line from switch
salt '*' nxos.cmd get_user username=admin
salt.proxy.nxos.
grains
()¶Get grains for proxy minion
salt '*' nxos.cmd grains
salt.proxy.nxos.
grains_refresh
()¶Refresh the grains from the proxy device.
salt '*' nxos.cmd grains_refresh
salt.proxy.nxos.
init
(opts=None)¶Required. Can be used to initialize the server connection.
salt.proxy.nxos.
initialized
()¶salt.proxy.nxos.
ping
()¶Ping the device on the other end of the connection
salt '*' nxos.cmd ping
salt.proxy.nxos.
remove_user
(username)¶Remove user from switch
salt '*' nxos.cmd remove_user username=daniel
salt.proxy.nxos.
replace
(old_value, new_value, full_match=False)¶Replace string or full line matches in switch's running config
If full_match is set to True, then the whole line will need to be matched as part of the old value.
salt '*' nxos.cmd replace 'TESTSTRINGHERE' 'NEWTESTSTRINGHERE'
salt.proxy.nxos.
sendline
(command)¶Run command through switch's cli
salt '*' nxos.cmd sendline 'show run | include "^username admin password"'
salt.proxy.nxos.
set_password
(username, password, encrypted=False, role=None, crypt_salt=None, algorithm='sha256')¶Set users password on switch
salt '*' nxos.cmd set_password admin TestPass
salt '*' nxos.cmd set_password admin \
password='$5$2fWwO2vK$s7.Hr3YltMNHuhywQQ3nfOd.gAPHgs3SOBYYdGT3E.A' \
encrypted=True
salt.proxy.nxos.
set_role
(username, role)¶Assign role to username
salt '*' nxos.cmd set_role username=daniel role=vdc-admin
salt.proxy.nxos.
show_run
()¶Shortcut to run show run on switch
salt '*' nxos.cmd show_run
salt.proxy.nxos.
show_ver
()¶Shortcut to run show ver on switch
salt '*' nxos.cmd show_ver
salt.proxy.nxos.
shutdown
(opts)¶Disconnect
salt.proxy.nxos.
system_info
()¶Return system information for grains of the NX OS proxy minion
salt '*' nxos.system_info
salt.proxy.nxos.
unset_role
(username, role)¶Remove role from username
salt '*' nxos.cmd unset_role username=daniel role=vdc-admin